AI Breaches Human Defense Systems in 20 Hours

Artificial intelligence (AI) is collapsing human defense systems, drastically reducing the time taken for actual attacks from 2.3 years to just 20 hours. The period between the discovery of a software security vulnerability and its exploitation in a real attack has plummeted from an average of 2.3 years in 2018 to approximately 20 hours. These figures are according to the 'Mythos Ready Report,' jointly published by CSA, SANS Institute, and OWASP.

Anthropic's AI model, 'Mythos,' is known to possess the ability to autonomously detect software vulnerabilities, generate attack scenarios, and gain control of operating systems without human intervention.

The US government and global financial institutions, including those in the UK and India, are discussing AI model control measures with Anthropic to counter these evolving AI threats. A sense of crisis is growing, particularly among defense and intelligence agencies, that existing security frameworks are unable to keep pace with the speed of AI-driven threats.

AI attacks analyze and convert vulnerabilities into code within hours, but the security operations of many organizations remain bound by traditional procedures such as alert verification, vulnerability analysis, and patch application. Some still rely on quarterly or annual patch cycles, leading to a widening structural speed gap. The paradigm shift in security is moving away from defending individual vulnerabilities towards analyzing and blocking entire attack paths that connect multiple vulnerabilities. South Korea's national network security framework (N2SF) is also transitioning to risk-based security, marking a change in the security paradigm from 'how well we defend' to 'how quickly we respond.'